﻿# -------------------- #
# Common Configuration #
# -------------------- #
param([string]$virtualMachineService, [string]$virtualMachineName)

Write-Information "Virtual machine '$virtualMachineName' executing common configuration ... " -NoNewLine $true
$session = Get-VirtualMachineInstancePowerShellSession -Subscription $subscription -VirtualMachineName $virtualMachineName -ForceDomainLogin $script.domainLogin
$restart = Invoke-Command -Session $session -ScriptBlock {
    $restart = $false
	# Disable loopback check
    if ((Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "DisableLoopbackCheck" -ErrorAction SilentlyContinue).DisableLoopbackCheck -ne "1")
    {
	    $item = New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "DisableLoopbackCheck" -PropertyType DWORD -Value 1 -Force
        $restart = $true
    }
	# Disable user access control
    if ((Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -ErrorAction SilentlyContinue).EnableLUA -ne "0")
    {
	    $item = Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value 0
        $restart = $true
    }
	# Disable IE enhanced security configuration
	Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0
	Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0
	# Disable firewall
	netsh advfirewall set allprofiles state off | Out-Null
	# Disable Windows Updates
	$item = New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows -Name WindowsUpdate -ErrorAction SilentlyContinue
	$item = New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name AU -ErrorAction SilentlyContinue
	$item = New-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name NoAutoUpdate -Value 1 -ErrorAction SilentlyContinue
	# Not do open Server Manager upon login
	Set-ItemProperty HKLM:\SOFTWARE\Microsoft\ServerManager\Oobe -Name DoNotOpenInitialConfigurationTasksAtLogon -Type DWORD -Value 1 -ErrorAction SilentlyContinue
	Set-ItemProperty HKLM:\SOFTWARE\Microsoft\ServerManager -Name DoNotOpenServerManagerAtLogon -Type DWORD -Value 1 -ErrorAction SilentlyContinue
	# Enable WinRM connections (Enable Server Manager -> Add Server)
	winrm quickconfig -quiet | Out-Null
	# Taskbar (use small icons, taskbar buttons: combine when taskbar is full)
	Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarSmallIcons -Type DWORD -Value 1 -ErrorAction SilentlyContinue
	Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarGlomLevel -Type DWORD -Value 1 -ErrorAction SilentlyContinue
	# Notification Area (display all icons)
	Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer -Name EnableAutoTray -Type DWORD -Value 0 -ErrorAction SilentlyContinue
    # Notification Area (hide Action Center system icon)
    Set-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer -Name "HideSCAHealth" -Type DWORD -Value 1 -ErrorAction SilentlyContinue
	# Hide Recycle Bin desktop icon
	New-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer -Name HideDesktopIcons -ErrorAction SilentlyContinue | Out-Null
	New-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons -Name ClassicStartMenu -ErrorAction SilentlyContinue | Out-Null
	New-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons -Name NewStartPanel -ErrorAction SilentlyContinue | Out-Null
	Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu -Name "{645FF040-5081-101B-9F08-00AA002F954E}" -Type DWORD -Value 1 -ErrorAction SilentlyContinue
	Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel -Name "{645FF040-5081-101B-9F08-00AA002F954E}" -Type DWORD -Value 1 -ErrorAction SilentlyContinue
    return $restart
}
Remove-PSSession $session
Write-Text "done."
if ($restart)
{
    Restart-VirtualMachineInstance $subscription $virtualMachineService $virtualMachineName $false $script.waitForService
}